For those of you who know me, Henry was my basset hound, and the fictitious name used during (ahem) special research. I'm a former intelligence officer, a professional analyst, and a blogger since 2004 writing about my experiences on the journey --information security, cyber intelligence, education, thoughts. Some love my writings others hate it. If you like it, follow me!

Saturday, December 17, 2016

Raison d’etre (Why Are We Here?)

"We are here to
produce finished intelligence reports. A good intelligence report provides
a customer with insight, meaning, and context that mere data, “feeds,” or news
cannot. Intelligence reports help people
understand complex issues and explains why those issues may impact them. In
an ideal situation, an intelligence report tells someone something they do not
already know, or puts seemingly disparate things into a perspective that they
did not envision."This is the first paragraph in our newly drafted writers manual and style guide, and in one paragraph it tells the story I've been screaming from the rooftops for five years. This week I had lunch with a really smart, highly qualified security sales professional (I

normally would say sales guy, but this guy qualifies in my mind as a pro). He was skeptical when I told him we were looking for a sales guy (a pro) to help sell our upgraded vision --that of a premium provider of finished intelligence, he told me he'd sat with a number of other (ahem) intelligence companies who all tell the same story --they run honeypots, sinkholes, and pull data from all over the world. They aggregate, they correlate, (heck, they even julienne fries!) and then send it out. He commented that in every case, when he asked how each individual company was different from the rest, none had an answer --they all sell the same information, aggregated from the same sources, and sold with slightly different pitches. And when he talks to his customers about it? They all have the same feedback --it's junk. I showed him ours --pictures of bad guys who target banks, defense supply chain

companies, oil and gas, SWIFT. I showed him technical analysis of malware submitted from a defense company, but reported out in a way that's useful to many; and I showed him geopolitical stories of election tampering with real lessons learned (written because we had customers who operate in the area!); and I showed him how we distill that information into finished intelligence; the story, the motivation in many cases, the targeting, and the tools --broken down into actionable indicators, snort and yara rules. [PG13] I joke about a measure of success; it's that point where I'm telling a story; when I realize the guy I'm talking to has only one hand visible above the table. You know that look? This guy ate his lunch one handed! [/PG13]He commented throughout lunch that THIS is what EVERY CISO should be reading --especially if they need to brief the CEO or the board. At nearly every turn, he commented on the idea that he could sell the sh*t out of this, because we showed pictures, and stories, and motivations, and also, like everyone else, indicators of compromise. The difference? Ours had meaning. We'll see if we hire this guy. He's expensive and we're a cash flow company, but he clearly got it. The value proposition was dead on for this lunch; and if he works for someone else? He'll be thinking about me ;) (Does anyone else hear an Alanis Morissette song playing in the background?)In all seriousness, this is what we do...We produce finished intelligence reports that offer readers insight, meaning, and context that mere data, “feeds,” or news cannot; Intelligence reports that help people understand the complex issues that they face and explain why those issues may impact them. When we get the opportunity to tell our story to a techie, a CISO, CIO, or a board member, they get it. It takes very little convincing for them to understand why we're different. We're heading into the end of the year, and we're talking with folks who want and need more than just data --every CISO needs intelligence; not just a list of IPs or domains --that's data. You need to know how and why things are happening and then how to protect against it. Want to hear our story? Drop me a line. Let's schedule some time. jstutzman@wapacklabs.com.Until next time! It's snowing like crazy outside and I'm going to go enjoy a bit of it!Have a great weekend!Jeff